CVE-2023-38486

A vulnerability in the secure boot implementation on affected Aruba 9200 and 9000 Series Controllers and Gateways allows an attacker to bypass security controls which would normally prohibit unsigned kernel images from executing. An attacker can use this vulnerability to execute arbitrary runtime operating systems, including unverified and unsigned OS images.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.7 HIGH
NETWORK
HIGH
HIGH
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: Unknown
Affected Products (NVD)
VendorProductVersion
arubanetworksarubaos
8.6.0.0 ≤
𝑥
< 8.6.0.22
arubanetworksarubaos
8.10.0.0 ≤
𝑥
< 8.10.0.7
arubanetworksarubaos
8.11.0.0 ≤
𝑥
< 8.11.1.1
arubanetworksarubaos
10.4.0.0 ≤
𝑥
< 10.4.0.2
𝑥
= Vulnerable software versions
Early Detection
Affected products identified ahead of NVD analysis through intelligence sources.
VendorProductVersionSource
arubanetworksarubaos
8.6.0.0 ≤
𝑥
< 8.6.0.22
ADP
arubanetworksarubaos
8.10.0.0 ≤
𝑥
< 8.10.0.7
ADP
arubanetworksarubaos
8.11.0.0 ≤
𝑥
< 8.11.1.1
ADP
arubanetworksarubaos
10.4.0.0 ≤
𝑥
< 10.4.0.2
ADP
Common Weakness Enumeration
References
https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-014.txt
https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-014.txt